Bitbucket Token

Bridgecrew Policy ID: BC_GIT_27
Chekov Check ID: CKV_SECRET_27
Severity: LOW

Bitbucket Keys

Description

Bitbucket Cloud REST API integrations, and Atlassian Connect for Bitbucket add-ons, can use OAuth 2.0 to access resources in Bitbucket. For obtaining access/bearer tokens, we support three of RFC-6749's grant flows, plus a custom Bitbucket flow for exchanging JWT tokens for access tokens.

Client ID: Stores the identifier that the authorization service uses to validate a login request. You generate this value in the authorization service when you configure the authorization settings for a web application and enter an authorized redirect URI.
Client Secret: Stores the secret or password used to validate the client ID. You generate this value in the authorization service together with the client ID.

Fix - Buildtime

Bitbucket

Access tokens expire in two hours. When this happens you'll get 401 responses.

Most access token grant response therefore include a refresh token that can then be used to generate a new access token, without the need for end user participation: